London, UK – A recent discovery by researchers has revealed that nearly 1.5 million images from specialized dating apps are at risk due to a lack of password protection. These explicit photos, from platforms developed by M.A.D Mobile, were found to be accessible to anyone with the link, putting users’ privacy and security in jeopardy.
The five platforms affected by this security flaw include kink sites BDSM People and Chica, as well as LGBT apps Pink, Brish, and Translove, which collectively serve a user base of around 800,000 to 900,000 individuals. Despite being warned about the issue on January 20, M.A.D Mobile only took action to fix it after being contacted by the BBC on a later date.
Ethical hacker Aras Nazarovas from Cybernews was the first to identify the vulnerability, which allowed him to access the unencrypted and unprotected photos without a password. This exposed not only profile pictures but also images sent privately in messages, posing a significant risk to users who may fall victim to extortion or targeted attacks.
In response to the discovery, M.A.D Mobile expressed gratitude to the researcher for uncovering the vulnerability and assured that steps have been taken to address the issue. However, concerns remain about the delay in fixing the flaw, potentially leaving users exposed for months despite multiple warnings from researchers.
The decision by Nazarovas and his team to raise awareness about the security breach while it was still active underscores the importance of transparency in protecting user data. With the memory of the 2015 Ashley Madison data breach still fresh, it is critical for companies to prioritize cybersecurity measures to safeguard their users’ sensitive information.